CVSS: 7.8EPSS: 0%CPEs: 37EXPL: 0CVE-2024-21595 – Junos OS: EX4100, EX4400, EX4600, QFX5000 Series: A high rate of specific ICMP traffic will cause the PFE to hang
https://notcve.org/view.php?id=CVE-2024-21595
12 Jan 2024 — An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device. This issue only affects EX4100, EX4400, EX4600, QFX5000 Se... • https://advisory.juniper.net/JSA75734 • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 6.5EPSS: 0%CPEs: 93EXPL: 0CVE-2023-44203 – Junos OS: QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600: Packet flooding will occur when IGMP traffic is sent to an isolated VLAN
https://notcve.org/view.php?id=CVE-2023-44203
12 Oct 2023 — An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows a adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a Denial of Service (DoS). When a specific IGMP packet is received in an isolated VLAN, it is duplicated to all other ports under the primary VLAN, which causes a flood. This issue affects QFX5000 series, EX2300, EX3... • https://supportportal.juniper.net/JSA73169 • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 5.3EPSS: 0%CPEs: 112EXPL: 0CVE-2023-28984 – Junos OS: QFX Series: The PFE may crash when a lot of MAC addresses are being learned and aged
https://notcve.org/view.php?id=CVE-2023-28984
17 Apr 2023 — A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash and restart, leading to a Denial of Service (DoS). The PFE may crash when a lot of MAC learning and aging happens, but due to a Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) that is outside the attackers direct control. This issue affects: Juniper Networks Junos OS versi... • https://supportportal.juniper.net/JSA70610 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 81EXPL: 0CVE-2023-22405 – Junos OS: QFX5k Series, EX46xx Series: MAC limiting feature stops working after PFE restart or device reboot
https://notcve.org/view.php?id=CVE-2023-22405
12 Jan 2023 — An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) to device due to out of resources. When a device is configured with "service-provider/SP style" switching, and mac-limiting is configured on an Aggregated Ethernet (ae) interface, and then a PFE is restarted or the device is rebooted, mac-limiting doesn't wor... • https://kb.juniper.net/JSA70201 • CWE-1250: Improper Preservation of Consistency Between Independent Representations of Shared State •
CVSS: 6.5EPSS: 0%CPEs: 274EXPL: 0CVE-2022-22226 – Junos OS: EX4300-MP, EX4600, QFX5000 Series: In VxLAN scenarios specific packets processed cause a memory leak leading to a PFE crash
https://notcve.org/view.php?id=CVE-2022-22226
18 Oct 2022 — In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated adjacently located attacker sending specific packets to cause a Denial of Service (DoS) condition by crashing one or more PFE's when they are received and processed by the device. Upon automatic restart of the PFE, continued processing of these packets will cause the memory leak to reappear. Depending on t... • https://kb.juniper.net/JSA69876 • CWE-770: Allocation of Resources Without Limits or Throttling CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 6.5EPSS: 0%CPEs: 51EXPL: 0CVE-2022-22210 – Junos OS: QFX5000 Series and MX Series: An l2alm crash leading to an FPC crash can be observed in VxLAN scenario
https://notcve.org/view.php?id=CVE-2022-22210
20 Jul 2022 — A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). On QFX5K Series and MX Series, when the PFE receives a specific VxLAN packet the Layer 2 Address Learning Manager (L2ALM) process will crash leading to an FPC reboot. Continued receipt of this specific packet will create a sustained Denial of Service (DoS) condition. This issue affects Junip... • https://kb.juniper.net/JSA69714 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2022-22203 – Junos OS: EX4600 Series and QFX5000 Series: Receipt of specific traffic will lead to an fxpc process crash followed by an FPC reboot
https://notcve.org/view.php?id=CVE-2022-22203
20 Jul 2022 — An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). On QFX5000 Series, and EX4600 and EX4650 platforms, the fxpc process will crash followed by the FPC reboot upon receipt of a specific hostbound packet. Continued receipt of these specific packets will create a sustained Denial of Service (DoS) condition. This issue only affects Juniper Networks Junos OS 19.4 version 19.4R3-S4. Una vulnerabilidad de compara... • https://kb.juniper.net/JSA69707 • CWE-697: Incorrect Comparison •
CVSS: 7.5EPSS: 0%CPEs: 158EXPL: 0CVE-2022-22174 – Junos OS: QFX5000 Series, EX4600: Device may run out of memory, causing traffic loss, upon receipt of specific IPv6 packets
https://notcve.org/view.php?id=CVE-2022-22174
19 Jan 2022 — A vulnerability in the processing of inbound IPv6 packets in Juniper Networks Junos OS on QFX5000 Series and EX4600 switches may cause the memory to not be freed, leading to a packet DMA memory leak, and eventual Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition. The following error logs may be observed using the "show heap" command and the device may eventually run out of memory if such packets ar... • https://kb.juniper.net/JSA11280 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 195EXPL: 0CVE-2021-31370 – Junos OS: QFX5000 Series and EX4600 Series: Control traffic might be dropped if a high rate of specific multicast traffic is received
https://notcve.org/view.php?id=CVE-2021-31370
19 Oct 2021 — An Incomplete List of Disallowed Inputs vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an adjacent unauthenticated attacker which sends a high rate of specific multicast traffic to cause control traffic received from the network to be dropped. This will impact control protocols (including but not limited to routing-protocols) and lead to a Denial of Service (DoS). Continued receipt of this specific multicast traffic will create a susta... • https://kb.juniper.net/JSA11232 • CWE-184: Incomplete List of Disallowed Inputs •
CVSS: 5.3EPSS: 0%CPEs: 332EXPL: 0CVE-2021-31361 – Junos OS: QFX Series and PTX Series: FPC resource usage increases when certain packets are processed which are being VXLAN encapsulated
https://notcve.org/view.php?id=CVE-2021-31361
19 Oct 2021 — An Improper Check for Unusual or Exceptional Conditions vulnerability combined with Improper Handling of Exceptional Conditions in Juniper Networks Junos OS on QFX Series and PTX Series allows an unauthenticated network based attacker to cause increased FPC CPU utilization by sending specific IP packets which are being VXLAN encapsulated leading to a partial Denial of Service (DoS). Continued receipted of these specific traffic will create a sustained Denial of Service (DoS) condition. This issue affects: J... • https://kb.juniper.net/JSA11223 • CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions •